Mercurial > vim

diff src/insexpand.c @ 34753:a87c4383404a v9.1.0254

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu' Commit: https://github.com/vim/vim/commit/0a419e07a705675ac159218f42c1daa151d2ceea Author: zeertzjq <zeertzjq@outlook.com> Date: Tue Apr 2 19:01:14 2024 +0200 patch 9.1.0254: [security]: Heap buffer overflow when calling complete_add() in 'cfu' Problem: [security]: Heap buffer overflow when calling complete_add() in the first call of 'completefunc' Solution: Call check_cursor() after calling 'completefunc' (zeertzjq) closes: #14391 Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Tue, 02 Apr 2024 19:15:02 +0200
parents 6d3a5ef458cd
children ffa6ed03a9f2
line wrap: on
line diff
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -2741,6 +2741,7 @@ expand_by_function(int type, char_u *bas
     --textlock;
 
     curwin->w_cursor = pos;	// restore the cursor position
+    check_cursor();  // make sure cursor position is valid, just in case
     validate_cursor();
     if (!EQUAL_POS(curwin->w_cursor, pos))
     {
@@ -4606,6 +4607,7 @@ get_userdefined_compl_info(colnr_T curs_
 
     State = save_State;
     curwin->w_cursor = pos;	// restore the cursor position
+    check_cursor();  // make sure cursor position is valid, just in case
     validate_cursor();
     if (!EQUAL_POS(curwin->w_cursor, pos))
     {